Re: [tor-relays] Public Munin Graphs: Security Risk?

On Tue, 29 Jan 2013 16:54:58 +0100 Moritz Bartl moritz@torservers.net wrote:

I finally deployed Munin across our exit nodes. The graphs are currently public, and I don't see an obvious reason for not doing that. Any objections?

For what it's worth, we do this too, https://munin.torproject.org. Right now it has a tor-guest account on it to avoid cgi exploits, but otherwise it has been fine for the past few years.

If someone does exploit a cgi script, they'll get an empty webserver with copies of munin data. Not the end of the world for us.

Thanks for putting that up Moritz. Others can learn what it takes to run busy exit relays.